Deploy in an offline or air-gapped environment
An air-gapped environment refers to a system that does not have access to the public internet. This guide goes through the special configuration steps for installing Charmed PostgreSQL k8s in an air-gapped environment.
Requirements
Canonical does not prescribe how you should set up your specific air-gapped environment. However, it is assumed that it meets the following conditions:
- A K8s cluster is running.
- DNS is configured to the local nameservers.
- Juju is configured to use local air-gapped services.
- The
store-admintool is installed and configured. - Air-gapped CharmHub is installed and running.
- Local APT and LXD Images caches are reachable.
- An air-gapped container registry (such as Artifactory) is reachable from the K8s cluster over HTTPS
- Note: Secure (HTTPS) OCI access is important, otherwise Juju won’t work!
Air-gapped concept summary
Air-gapped day-to-day example
1. Exporting K8s Charms and OCI Resources are currently independent processes.
1.1. Charm. The necessary charm(s) can be exported as bundle OR independently (charm-by-charm). The special store-admin tool is designed to simplify the process. At the moment exporting of Charms and OCI resources are separated, but in the future the store-admin export could export all necessary OCI resource(s)) from official CharmHub.
At the moment, the store-admin exports (and includes into the blob) all the OCI resources metadata only:
store-admin export bundle mysql-k8s-bundle --channel=8.0/edge --series=jammy --arch=amd64
Example output
> store-admin export bundle mysql-k8s-bundle --channel=8.0/edge --series=jammy --arch=amd64
Downloading mysql-k8s-bundle revision 45 (8.0/edge)
[####################################] 100%
Downloading data-integrator revision 71 (edge)
[####################################] 100%
Downloading grafana-agent-k8s revision 93 (edge)
[####################################] 100%
Downloading resources for grafana-agent-k8s
Downloading oci-image resource agent-image revision 45
[####################################] 100%
Falling back to OCI image subpath from online Charmhub for 'agent-image' in charm 'grafana-agent-k8s'.
Downloading mysql-k8s revision 201 (8.0/edge)
[####################################] 100%
Downloading resources for mysql-k8s
Downloading oci-image resource mysql-image revision 113
[####################################] 100%
Falling back to OCI image subpath from online Charmhub for 'mysql-image' in charm 'mysql-k8s'.
Downloading mysql-router-k8s revision 164 (8.0/edge)
[####################################] 100%
Downloading resources for mysql-router-k8s
Downloading oci-image resource mysql-router-image revision 57
[####################################] 100%
Falling back to OCI image subpath from online Charmhub for 'mysql-router-image' in charm 'mysql-router-k8s'.
Downloading mysql-test-app revision 63 (edge)
[####################################] 100%
Downloading s3-integrator revision 59 (edge)
[####################################] 100%
Downloading self-signed-certificates revision 200 (edge)
[####################################] 100%
Downloading sysbench revision 78 (edge)
[####################################] 100%
Successfully exported charm bundle mysql-k8s-bundle: /home/ubuntu/snap/store-admin/common/export/mysql-k8s-bundle-20241006T231254.tar.gz
1.2. OCI: for the manual OCI export, please follow the official CharmHub guide.
2. Transfer the binary blobs using the way of your choice into Air-gapped environment.
cp /home/ubuntu/snap/store-admin/common/export/mysql-k8s-bundle-20241006T231254.tar.gz /media/usb/
...
cp /media/usb/mysql-k8s-bundle-20241006T231254.tar.gz /var/snap/snap-store-proxy/common/charms-to-push/
Note: always check checksum for the transferred blobs!
3. Upload the charm blobs into local Air-gapped CharmHub:
sudo snap-store-proxy push-charm-bundle /var/snap/snap-store-proxy/common/charms-to-push/mysql-k8s-bundle-20241006T231254.tar.gz
Note: when re-importing charms or importing other revisions, make sure to provide the
--push-channel-map.
4. Upload the charm OCI into local Air-gapped OCI registry.
For the manual OCI import, please follow the official CharmHub guide.
5. Deploy and enjoy Juju charms the usual way:
juju deploy mysql-k8s --trust
Note: all the Air-gapp-deployed charms revisions and OCI resources tags/revisions must match the official CharmHub revisions/tags (users can rely in the official release notes).